Date:      Tue, 8 Apr 2014 19:03:02 +0000 (UTC)
From:      Chris Rees <crees@FreeBSD.org>
To:        ports-committers@freebsd.org, svn-ports-all@freebsd.org, svn-ports-head@freebsd.org
Subject:   svn commit: r350643 - in head/security/sshguard: . files
Message-ID:  <201404081903.s38J32hS065572@svn.freebsd.org>

Author: crees
Date: Tue Apr  8 19:03:02 2014
New Revision: 350643
URL: http://svnweb.freebsd.org/changeset/ports/350643
QAT: https://qat.redports.org/buildarchive/r350643/

Log:
  Fix old sshguard bug: logins by invalid ssh users were not detected
  
  PR:		ports/174571
  Submitted by:	Francois Charlier <fcharlier@ploup.net>
  
  Reset maintainer after 16 month timeout
  
  While here, stage, remove some insanity and fixup rc script

Added:
  head/security/sshguard/files/patch-src-parser-attack_scanner.l   (contents, props changed)
Modified:
  head/security/sshguard/Makefile
  head/security/sshguard/files/sshguard.in
  head/security/sshguard/pkg-install

Modified: head/security/sshguard/Makefile
==============================================================================
--- head/security/sshguard/Makefile	Tue Apr  8 18:54:10 2014	(r350642)
+++ head/security/sshguard/Makefile	Tue Apr  8 19:03:02 2014	(r350643)
@@ -3,40 +3,30 @@
 
 PORTNAME=	sshguard
 PORTVERSION=	1.5
-PORTREVISION=	2
+PORTREVISION=	3
 CATEGORIES=	security
 MASTER_SITES=	SF/sshguard/sshguard/sshguard-${PORTVERSION}
 
-MAINTAINER=	mij@bitchx.it
+MAINTAINER=	ports@FreeBSD.org
 COMMENT?=	Protect hosts from brute force attacks against ssh and other services
 
 CONFLICTS?=	sshguard-ipfilter-1.* sshguard-ipfw-1.* sshguard-pf-1.*
 
-PLIST_FILES=	sbin/sshguard
+USES=		tar:bzip2
+
+PLIST_FILES=	sbin/sshguard man/man8/sshguard.8.gz
 
-MAN8=		sshguard.8
-MANCOMPRESSED=	no
-USE_BZIP2=	yes
 USE_RC_SUBR=	sshguard
 MAKE_ARGS+=	ACLOCAL="${TRUE}" AUTOCONF="${TRUE}" AUTOMAKE="${TRUE}"
-HAS_CONFIGURE=	yes
+GNU_CONFIGURE=	yes
+CONFIGURE_ARGS+=--with-firewall=${SSHGUARDFW}
 
-# sublist will be set afterward
+SUB_LIST+=	PKGMSG_FWBLOCK=${PKGMSG_FWBLOCK}
 SUB_FILES=	pkg-message
 
 # backend type in { hosts, ipfw, pf }
 SSHGUARDFW?=	hosts
 
-NO_STAGE=	yes
-.include <bsd.port.pre.mk>
-
-.if defined(PREFIX)
-CONFIGURE_ARGS+=	--prefix=${PREFIX}
-.endif
-
-# set path for manpages
-CONFIGURE_ARGS+=	--mandir=${MANPREFIX}/man
-
 .if ${SSHGUARDFW} == pf
 PKGMSG_FWBLOCK="  To activate or configure PF see http://sshguard.sf.net/doc/setup/blockingpf.html"
 .elif ${SSHGUARDFW} == ipfw
@@ -47,16 +37,4 @@ PKGMSG_FWBLOCK="  Sshguard is going to u
 PKGMSG_FWBLOCK="  Sshguard will use /etc/ipf.rules as ruleset."
 .endif
 
-# for substitution in subfiles
-SUB_LIST+=	PKGMSG_FWBLOCK=${PKGMSG_FWBLOCK}
-
-CONFIGURE_ARGS+=	--with-firewall=${SSHGUARDFW}
-
-post-install:
-	@PKG_PREFIX=${PREFIX} ${SH} ${PKGINSTALL} ${PKGNAME} POST-INSTALL
-	@${CAT}	${PKGMESSAGE}
-
-pre-deinstall:
-	@PKG_PREFIX=${PREFIX} ${SH} ${PKGDEINSTALL} ${PKGNAME} DEINSTALL
-
-.include <bsd.port.post.mk>
+.include <bsd.port.mk>

Added: head/security/sshguard/files/patch-src-parser-attack_scanner.l
==============================================================================
--- /dev/null	00:00:00 1970	(empty, because file is newly added)
+++ head/security/sshguard/files/patch-src-parser-attack_scanner.l	Tue Apr  8 19:03:02 2014	(r350643)
@@ -0,0 +1,11 @@
+--- src/parser/attack_scanner.l.orig	2012-12-19 10:58:02.992356246 +0000
++++ src/parser/attack_scanner.l	2012-12-19 10:58:22.407356894 +0000
+@@ -127,7 +127,7 @@
+ 
+ 
+  /* SSH: invalid or rejected user (cross platform [generated by openssh]) */
+-"Invalid user ".+" from "                         { return SSH_INVALUSERPREF; }
++[Ii]"nvalid user ".+" from "                         { return SSH_INVALUSERPREF; }
+  /* match disallowed user (not in AllowUsers/AllowGroups or in DenyUsers/DenyGroups) on Linux Ubuntu/FreeBSD */
+  /* "User tinydns from 1.2.3.4 not allowed because not listed in AllowUsers" */
+ "User ".+" from "                                               { BEGIN(ssh_notallowed); return SSH_NOTALLOWEDPREF; }
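Review bot: The comment above the widened rule does not say which log line the lowercase form is meant to catch, unlike the `"User "` rule below it, which quotes a sample line. I would add a comment such as `/* also matches the lowercase "invalid user NAME from ADDR" form */` so the reason for `[Ii]` survives the next upstream merge. As far as this hunk shows the rule is not anchored to the start of the message, so it is worth confirming that the looser prefix does not pre-empt other rules for sshd messages that contain the same words mid-line. The surrounding rules section continues outside the hunk.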

Modified: head/security/sshguard/files/sshguard.in
==============================================================================
--- head/security/sshguard/files/sshguard.in	Tue Apr  8 18:54:10 2014	(r350642)
+++ head/security/sshguard/files/sshguard.in	Tue Apr  8 19:03:02 2014	(r350643)
@@ -31,6 +31,7 @@
 
 # PROVIDE: sshguard
 # REQUIRE: LOGIN cleanvar
+# KEYWORD: shutdown
 
 #
 # Add the following lines to /etc/rc.conf to enable sshguard:
@@ -62,14 +63,10 @@
 
 name="sshguard"
 rcvar="sshguard_enable"
-command="/usr/sbin/daemon"
-actual_command="%%PREFIX%%/sbin/${name}"
-procname="${actual_command}"
 
 load_rc_config $name
 
-: ${sshguard_enable="NO"}
-: ${sshguard_pidfile="/var/run/${name}.pid"}
+: ${sshguard_enable:="NO"}
 : ${sshguard_blacklist="40:/var/db/sshguard/blacklist.db"}
 : ${sshguard_safety_thresh="40"}
 : ${sshguard_pardon_min_interval="1200"}
@@ -77,8 +74,11 @@ load_rc_config $name
 : ${sshguard_whitelistfile="%%PREFIX%%/etc/sshguard.whitelist"}
 : ${sshguard_watch_logs="/var/log/auth.log:/var/log/maillog"}
 
-pidfile="${sshguard_pidfile}"
-sshguard_watch_params=`echo ${sshguard_watch_logs} | tr : \\\n | sed -e s/^/-l\ /g | tr \\\n \ `
+pidfile=${sshguard_pidfile:-"/var/run/${name}.pid"}
+
+command="/usr/sbin/daemon"
+actual_command="%%PREFIX%%/sbin/${name}"
+procname="${actual_command}"
 start_precmd="${name}_prestart"
 
 command_args="-cf ${actual_command} -b ${sshguard_blacklist} ${sshguard_watch_params} -a ${sshguard_safety_thresh} -p ${sshguard_pardon_min_interval} -s ${sshguard_prescribe_interval} -w ${sshguard_whitelistfile} -i ${sshguard_pidfile}"
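Review bot: `command_args` on the last line of this hunk still ends with `-i ${sshguard_pidfile}`, but this commit removes the default for `sshguard_pidfile`, and only `pidfile` now falls back to `/var/run/${name}.pid`. With no `sshguard_pidfile` set in rc.conf, the daemon gets a bare `-i` with no argument. It is then likely either to fail option parsing or never to write the pid file that rc.subr relies on for status and stop. Pass the resolved value instead: `-i ${pidfile}`.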
@@ -87,6 +87,7 @@ sshguard_prestart()
 {
 	mkdir -p `dirname ${sshguard_blacklist##*:}`
 	[ -e ${sshguard_whitelistfile} ] || touch ${sshguard_whitelistfile}
+	sshguard_watch_params=`echo ${sshguard_watch_logs} | tr : \\\n | sed -e s/^/-l\ /g | tr \\\n \ `
 }
 
 run_rc_command "$1"
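Review bot: `sshguard_watch_params` is now assigned inside `sshguard_prestart()`, but `command_args` is built at top level as a double-quoted string, so `${sshguard_watch_params}` is expanded there while the variable is still empty. The daemon is then started without any `-l` arguments, and the files listed in `sshguard_watch_logs` never reach it. For a log-driven blocker that means authentication failures can go unobserved with no error at start-up. Either keep the assignment at top level above `command_args=`, or rebuild `command_args` at the end of the prestart function after the new line. The function's name line sits in the hunk header rather than in the hunk body.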

Modified: head/security/sshguard/pkg-install
==============================================================================
--- head/security/sshguard/pkg-install	Tue Apr  8 18:54:10 2014	(r350642)
+++ head/security/sshguard/pkg-install	Tue Apr  8 19:03:02 2014	(r350643)
@@ -13,7 +13,7 @@ SSHGUARDCONFLINE="auth.info;authpriv.inf
 
 case "$2" in
     "POST-INSTALL")
-        if test "x$SSHGUARDFW" = xhosts
+        if test "$SSHGUARDFW" = hosts
         then
             touch /etc/hosts.allow
         fi
@@ -23,7 +23,7 @@ case "$2" in
 	    TMPFILE=`mktemp -q /tmp/syslogcXX`
 	    # make sure our file has the same permissions as the original, since we mv it back
 	    cp -p $SYSLOGCONF ${TMPFILE}
-	    echo > ${TMPFILE}
+	    : > ${TMPFILE}
             inheader=1
             cat "$SYSLOGCONF" | while read cline ;
             do
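Review bot: The temporary copy of the syslog configuration is created with `mktemp -q /tmp/syslogcXX`, and the result is never checked. The template has only two `X` characters in a world-writable directory, in a script that package installation normally runs as root. If mktemp fails, `TMPFILE` is empty and the new `: > ${TMPFILE}` redirection has no valid target. I would lengthen the template, stop on failure and quote the variable: `TMPFILE=$(mktemp /tmp/syslogc.XXXXXXXX) || exit 1`, then `: > "${TMPFILE}"`. The `case` arm continues past the end of this hunk, so the later move back over the original is inferred from the comment above `cp -p`.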


